Craigslist Malware Threat: Hackers Use Email System to Deliver Malware, Don’t Click Phishing Emails


Do you have a Craigslist account? Be warned: its internal messaging system was recently hijacked by a scammer. Cybercriminals are sending malware to registered Craigslist users.

Craigslist users should watch out for “genuine emails” from the website. While such an email contains a valid Craigslist IP address, it may also include malware that could damage the device.

According to Threatpost, the company was hijacked by attackers this month. Cybercriminals abused the internal messaging system, pretended to be the company, and sent users emails about deleting their accounts.

Users who follow the instructions to “register” will download the malware.

Craigslist phishing email and malware

Researchers at security company INKY were the first to discover this malware. They said the malware was cleverly hidden in a custom document uploaded to Microsoft OneDrive. Because the URL pointed to Microsoft OneDrive, it bypassed threat intelligence feeds and even got past most security vendors.

A screenshot of the Craigslist notification was included in the report. The phishing email read: “Our platform’s content posting policy explicitly prohibits inappropriate content, your ad has received numerous red flags. Immediate editing and filling out of form D7.b is required... If inactive, the account will be deleted and all other attempts to register new accounts will be rejected.”

Granted, cybercriminals made the email very convincing. The threat of account termination and a permanent ban could frighten many active users. However, users should firmly ignore this email.

Craigslist Malware Revealed

According to INKY, there are a few telltale signs of the malware. Hovering the mouse over the link shows a Russian domain “”.

Also note that clicking on the link initiates the download of a .ZIP file containing a macro-enabled worksheet. Users who click the “Enable Editing” or “Enable Content” options allow the malware to bypass Microsoft Office security checks and macro controls.
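
As an added example (not taken from INKY's report or the original article), the following Python script checks a downloaded ZIP for macro-capable spreadsheets before anyone opens them. The archive contents and file names are constructed samples, and the size limit is an assumed value.

```python
import io
import zipfile

# Spreadsheet extensions that can carry VBA macros.
MACRO_CAPABLE_EXT = (".xlsm", ".xlsb", ".xltm", ".xlam", ".xls")
MAX_MEMBER_SIZE = 50 * 1024 * 1024  # assumed limit: do not unpack oversized members


def has_vba_project(data: bytes) -> bool:
    """True if data is a ZIP-based Office file with a VBA project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as inner:
        return any(n.lower().endswith("vbaproject.bin") for n in inner.namelist())


def find_macro_workbooks(archive: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for members able to run macros."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as outer:
        for info in outer.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_SIZE:
                findings.append((info.filename, "too large to inspect"))
            elif has_vba_project(outer.read(info)):
                findings.append((info.filename, "contains vbaProject.bin"))
            elif info.filename.lower().endswith(MACRO_CAPABLE_EXT):
                findings.append((info.filename, "macro-capable extension"))
    return findings


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP; used only to construct the sample below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample standing in for the downloaded .ZIP (not real malware).
MACRO_BOOK = make_zip({"[Content_Types].xml": b"<Types/>", "xl/vbaProject.bin": b"\x00"})
PLAIN_BOOK = make_zip({"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>"})
SAMPLE_DOWNLOAD = make_zip({"form.xlsm": MACRO_BOOK, "clean.xlsx": PLAIN_BOOK,
                            "legacy.xls": b"\xd0\xcf\x11\xe0", "readme.txt": b"hi"})

if __name__ == "__main__":
    for name, reason in find_macro_workbooks(SAMPLE_DOWNLOAD):
        print(f"{name}: {reason}")
```

A finding means the file should be treated as untrusted and examined in an isolated environment, not opened with “Enable Content”.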

The malicious spreadsheet, labeled DocuSign, also impersonated brands like Norton and Microsoft to make the file much more convincing.

Fortunately, when the INKY team attempted to obtain the malware, it led to a 404 error message. INKY speculated that this could have been the attackers’ error or an indication that a security company had already found it and taken it down.

Nonetheless, INKY cautioned against the dangerous nature of this Craigslist-based attack. This method could also be used to install a remote access tool (RAT), deploy a first-stage implant like TrickBot, launch ransomware attacks, exfiltrate sensitive data, or deploy a keylogger.

Users should beware of these types of attacks in the future as well. Cybercriminals are getting much more creative with their hacking strategies, making detection extremely difficult. Users can help improve their security by following a few steps.

This article contains some suggestions for improving account security, which even helped users who were exposed to the 2021 Twitch data breach.
